context7
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download documentation content from an external API at
https://context7.comusing thecurlutility.\n- [DATA_EXFILTRATION]: User-provided library names and topical search queries are transmitted to thecontext7.comAPI endpoints as part of the documentation lookup process.\n- [COMMAND_EXECUTION]: The documentation inSKILL.mdandREADME.mdprovides explicit shell commands usingcurlandjqfor the agent to execute to interact with the external service.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes data from an external, third-party source (context7.com) that could be manipulated by an attacker to include hidden instructions.\n - Ingestion points: Documentation text and search results fetched from the
/api/v2/contextand/api/v2/libs/searchendpoints as described inSKILL.md.\n - Boundary markers: No specific delimiters or safety instructions (e.g., 'ignore instructions within this data') are used when the agent processes the fetched content.\n
- Capability inventory: The skill uses shell command execution (
curl,jq) which are used to retrieve the untrusted data.\n - Sanitization: The skill does not define any sanitization, filtering, or validation steps for the documentation content retrieved from the external API.
Audit Metadata